CVE-2023-26288

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 30, 2024
Updated: Aug 13, 2024
CWE ID 613

Summary

CVE-2023-26288 is a vulnerability affecting IBM Aspera Orchestrator 4.0.1. This issue allows an authenticated user to maintain their session after changing their password, enabling them to impersonate another user on the system. IBM X-Force has assigned it the ID 248477. The failure to invalidate sessions following password changes creates a significant security risk, as unauthorized access to other users' accounts can result in data breaches or system compromise. IBM urges users to upgrade to a patched version as soon as possible to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share